
The Firewall Whisperer

Jan 13, 2010, by Mike Cooley

Let’s face it, sometimes firewalls just don’t behave. It’s not for lack of trying; quite the opposite. We “tell” the firewall what to do over and over, often in hundreds of different ways, through commands otherwise known as rules. Over time, these rules go unheard and unused, and the result is unpredictable, sometimes unruly behavior. Alas, your young pup becomes a lethargic beast whose legs quiver under the strain of keeping the rest of its body mobile and willing to move.

Enter the Firewall Whisperer. Equal parts drill sergeant and psychologist, it is time to make some changes, some subtle, others drastic, all effective - FireMon.

Analogies aside, unused rules are a serious problem and, these days, top of mind for most firewall administrators, given that nearly 40% of all rules on a firewall go unused, according to several published reports. It hasn’t always been this way. In fact, for several years we [Secure Passage] evangelized the problem and our “Rule Usage Analysis” feature as a sales organization, only to be met with, “…cool, but could we hear more about your change control and auditing features?” (In our prospects’ defense, the year was 2004 and FireMon 2.1 with Rule Usage Analysis had just been introduced.) Of course, we were all too happy to show off those well-established features [change control and auditing], whose entrée into the security space was made public 3 years prior, in 2001, to solve the problem of tracking and auditing changes made to the firewall in a market-defining way that was graphical, historical, and collected in real time.

Slowly but surely, however, the problem of unused rules garnered more attention from security departments as firewall policies became more complex and audit requirements demanded an explanation for the presence of every rule. The dilemma of identifying rules that no longer fulfill a business requirement is not unique to any single firewall vendor; each is guilty of omitting a way to fix the problem other than an error-prone, manual process of deciphering firewall logs and understanding policies, some of which number in the hundreds of rules. (Good luck with that.)

Thankfully, there is a safe and effective solution to the problem: FireMon’s Policy Analysis suite. This feature works across all supported firewalls, including the industry’s big 3: Check Point, Cisco and Juniper. Using unobtrusive, real-time methods, FireMon identifies unused rules (NAT and security), objects, and services across both physical and virtual enforcement points. Additionally, the reporting ranks the use of all rules, which exposes a secondary (though no less important) problem: used rules buried too far down the stack of rules processed by the firewall. Using this information, a firewall administrator now has the tools to make intelligent re-ordering decisions about the critical 10% of rules at the top of a policy to dramatically improve the performance of the device, while also exorcising unused rules, objects and services from every firewall in the environment.
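The kind of log-driven rule usage analysis described above, as an added example that is not FireMon's implementation or code from the original post: it counts hits per rule, lists rules with no hits, and flags heavily used rules that sit low in the policy. The policy, rule names and key=value log format are constructed assumptions.

```python
import re
from collections import Counter

# Constructed policy: rule names in evaluation order, top of the policy first.
POLICY = ["r10-web", "r20-legacy-ftp", "r30-dns",
          "r40-old-vendor-vpn", "r50-db", "r60-smtp"]

# Constructed log lines in a hypothetical key=value format.
LOG = """\
2010-01-12T09:00:01 action=accept rule=r50-db src=10.1.1.5 dport=5432
2010-01-12T09:00:02 action=accept rule=r10-web src=10.1.1.7 dport=443
2010-01-12T09:00:03 action=accept rule=r60-smtp src=10.1.2.2 dport=25
2010-01-12T09:00:04 action=accept rule=r50-db src=10.1.1.5 dport=5432
2010-01-12T09:00:05 policy install completed
2010-01-12T09:00:06 action=accept rule=r30-dns src=10.1.1.9 dport=53
2010-01-12T09:00:07 action=accept rule=r60-smtp src=10.1.2.2 dport=25
2010-01-12T09:00:08 action=accept rule=r50-db src=10.1.1.6 dport=5432
2010-01-12T09:00:09 action=drop rule=r99-deleted src=10.9.9.9 dport=23
2010-01-12T09:00:10 action=accept rule=r10-web src=10.1.1.8 dport=443
2010-01-12T09:00:11 action=accept rule=r60-smtp src=10.1.2.3 dport=25
2010-01-12T09:00:12 action=accept rule=r50-db src=10.1.1.5 dport=5432
"""
RULE_RE = re.compile(r"\brule=(\S+)")

def rule_hits(log_text, policy):
    """Count hits per policy rule; hits on rules not in the policy go to `unknown`."""
    hits = Counter({r: 0 for r in policy})
    unknown = Counter()
    for line in log_text.splitlines():
        m = RULE_RE.search(line)
        if not m:
            continue  # not a traffic log line (e.g. a system message)
        rule = m.group(1)
        (hits if rule in hits else unknown)[rule] += 1
    return hits, unknown

def unused_rules(hits, policy):
    """Rules with zero hits in the window: candidates for review, not deletion."""
    return [r for r in policy if hits[r] == 0]

def buried_rules(hits, policy, top_n):
    """Rules among the top_n by hits that sit below position top_n in the policy."""
    ranked = sorted(policy, key=lambda r: -hits[r])  # stable: ties keep policy order
    return [r for r in ranked[:top_n] if policy.index(r) >= top_n]

if __name__ == "__main__":
    hits, unknown = rule_hits(LOG, POLICY)
    print("unused:", unused_rules(hits, POLICY))
    print("buried:", buried_rules(hits, POLICY, 2))
    print("hits on rules missing from policy:", dict(unknown))
```

A zero-hit result is only as good as the observation window, which has to cover infrequent jobs such as quarterly batch runs. Moving a buried rule up is safe only when it does not overlap an earlier rule with a different action.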

Perhaps it goes without saying, but using some of this new-found information, security can go back to the line of business and discuss the removal of long-ago requested access and queue suspect rules for disablement and deletion. Over time, this process fosters a working relationship between IT and the business, which improves the security posture of the organization while improving its availability and operational efficiency in the process. Of course, this is only one part of the solution. In optimizing and maintaining a clean and efficient firewall policy, it is important to focus on 4 key areas: create and maintain an ongoing rule analysis and clean-up process, understand what you have (what does each rule do?), sort rules in the policy based on usage, and improve the rule creation process moving forward.

This is only the start. Like any good training program, the process (and it is that – a process) takes time, buy-in, and patience. We’ve looked briefly at the first aspect of the solution; next we’ll consider the other 3 in this holistic approach to reining in the firewall, thanks to the Firewall Whisperer.
